Ophcrack and Windows passwords

As mentioned before, rainbow tables are a mechanism that can be used to reverse hash functions, revealing information that was intended to be hidden. For instance, they can take the hashed contents of a Windows password file and turn them into a password you can use. This limitation largely exists because Windows does not use the technique of ‘salting,’ which would make rainbow tables unmanageably large. Unix-based operating systems, like Mac OS X, have been salting passwords since the 1970s.

Ophcrack is a piece of free software that exploits precisely this vulnerability. As explained here, it comes as a bootable CD, which can be used to circumvent the password on a Windows XP, Vista, or 7 computer.

Among other things, this means that having a password-protected user account isn’t an adequate way to protect your data from anyone who can get their hands on your computer: from customs agents to burglars. If you have anything sensitive in there, it would be sensible to further protect it with some strong encryption.

“One example is the LM hash that Microsoft Windows XP and previous uses by default to store user passwords of less than 15 characters in length. LM hash converts the password into all uppercase letters then breaks the password into two 7-character fields which are hashed separately—which allows each half to be attacked individually.”